Security Guide

     Previous  Next    Contents    View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Introduction

Document Audience

Related Information

Understanding AquaLogic Service Bus Security

Inbound Security

Outbound Security

Options for Identity Propagation

Example: Authentication with a User Name Token

Administrative Security

Access Control Policies

Configuring Proxy Service Access Control

Impact of Lifecycle Operations on Access Control Policies

Configuring the WebLogic Security Framework: Main Steps

Supported Standards and Security Providers

Support for WebLogic Security Providers

Configuring Authentication Providers

Using a Custom Authorization Provider to Protect AquaLogic Service Bus Resources

WebLogic Authorization Provider Usage Information

ALSBProxyServiceResource Object

ALSBProxyServiceResource Examples

ProjectResourceV2 Object

ConsoleResource Object

AquaLogic Service Bus Security FAQ

Configuring Transport-Level Security

Configuring Transport-Level Security for HTTPS

HTTPS Authentication Levels

Configuring Inbound HTTPS Security: Main Steps

Configuring Outbound HTTPS Security: Main Steps

Configuring Transport-Level Security for HTTP

Configuring Inbound HTTP Security: Main Steps

Configuring Outbound HTTP Security: Main Steps

Additional Context Properties for HTTP and HTTPS Transport-Level Authentication

Configuring Transport-Level Security for JMS

Configuring Inbound JMS Transport-Level Security: Main Steps

Configuring Outbound JMS Transport-Level Security: Main Steps

Email, FTP, and File Transport-Level Security

Email and FTP Transport-Level Security

File Transport Security

Transport-Level Security Elements in the Message Context

Configuring Custom Authentication

What Are Custom Authentication Tokens?

Custom Authentication Token Use and Deployment

Understanding Transport-Level Custom Authentication

Importing and Exporting and Transport-Level Custom Token Authentication

Understanding Message-Level Custom Authentication

Format of XPath Expressions

Configuring Identity Assertion Providers for Custom Tokens

Object Type of Custom Tokens

Configuring a Custom Token Type in an Identity Assertion Provider

Steps for Configuring a Custom Token Type in an Identity Assertion Provider

Setting the Supported and Active Types in the MBean

Additional Context Properties for Message-Level Authentication

Security Provider Must Have Knowledge of the Property Name

Configuring Custom Authentication Transport-Level Security

Steps for Configuring Custom Authentication Transport-Level Security

Configuring Custom Authentication Message-Level Security

Steps for Configuring Custom Authentication Message-Level Security

Propagating the Identity Obtained From Custom Authentication Tokens

Combining WS-Security with Custom Username/Password and Tokens

Configuring Message-Level Security for Web Services

About Message-Level Security

Message-Level Access Control Policies for Proxy Services

Configuring Inbound Message-Level Security

Creating an Active Intermediary Proxy Service: Main Steps

Creating a Pass-Through Proxy Service: Main Steps

Configuring Outbound Message-Level Security: Main Steps

Disabling Outbound Message-Level Security

Using Web Services Policy to Specify Inbound Message-Level Security

About Web Services Policy

Abstract and Concrete WS-Policy Statements

AquaLogic Service Bus WS-Policy Statements

Creating and Using Custom WS-Policy Statements

Examples of Custom WS-Policy Statements

Example: Encrypting Part of the SOAP Body and Header

Example: Encryption Policy for a Business Service

Example: Encrypting a Custom SOAP Header

Example: Signing the Message Body and Headers

Example: Signing a SOAP Body with SAML Holder-of-Key

Example: Authenticating, Signing, and Encrypting a SOAP Body with SAML Sender Vouches

Attaching WS-Policy Statements to WSDL Documents

Determining the URI of a WS-Policy Statement

Specifying the URI of a WS-Policy Statement in a WSDL Document

Best Practices: Attaching WS-Policy Statements

Example: Requiring X.509 Credentials for Identity and Confidentiality

Example: Attaching Custom Inline WS-Policy Statements to a WSDL Document

Policy Subjects and Effective Policy

Using SAML for Authentication

Configuring SAML Credential Mapping: Main Steps

Configuring SAML Pass-Through Identity Propagation

Authenticating SAML Tokens in Inbound Requests

Troubleshooting SAML Web Services Security

Configuring Administrative Security

Administrative Security Roles and Privileges

Role-Based Access in AquaLogic Service Bus Console

Administrative Security Groups

Configuring Administrative Security: Main Steps

Securing AquaLogic Service Bus in a Production Environment


  Back to Top       Previous  Next